There has been a lot of news about data breaches and organizations that have failed to enhance their security and subsequently fallen victim to hackers who have successfully exfiltrated large amounts of sensitive data. The 2014 Verizon Data Breach Investigation report shows that while web application attacks were involved in only 6% of incidents, they were associated with 35% of successful breaches. In fact, web applications attacks represented the single largest vector involved in the breaches reviewed in the report! It is clear that organizations need automated and scalable tools that improve how they discover, catalog and test web applications to ensure that security vulnerabilities are quickly identified and remediated. The report also indicates that while the majority of compromise and exfiltration activities happen within hours, most organizations only discover and contain web application attacks in days or weeks.
Qualys Web Application Scanning (WAS) 4.1 addresses this gap with tightly integrated virtual patching protection with the Qualys Web Application Firewall (WAF) solution to ensure that applications can be hardened against attack and compromise in a matter of minutes.
Feature highlights include: Integrated virtual patching with Qualys WAF service. Proxy support for internal appliances to ensure Qualys WAS can reach all the web applications in an organization’s environment, and provide customers with full logging capabilities at scale.